Radio Station By Netmix® – Manage And Play Your Show Schedule In WordPress! Security Vulnerabilities

Minio unsafe default: Access keys inherit `admin` of root user, allowing privilege escalation in github.com/minio/minio

Minio unsafe default: Access keys inherit admin of root user, allowing privilege escalation in...

Classic builder cache poisoning in github.com/docker/docker

Classic builder cache poisoning in...

Grafana information disclosure in github.com/grafana/grafana

Grafana information disclosure in...

Improper Authentication in HashiCorp Vault in github.com/hashicorp/vault

Improper Authentication in HashiCorp Vault in...

Hashicorp Vault may expose sensitive log information in github.com/hashicorp/vault

Hashicorp Vault may expose sensitive log information in...

Apache ServiceComb Service-Center Server-Side Request Forgery vulnerability in github.com/apache/servicecomb-service-center

Apache ServiceComb Service-Center Server-Side Request Forgery vulnerability in...

MongoDB Tools Improper Certificate Validation vulnerability in github.com/mongodb/mongo-tools

MongoDB Tools Improper Certificate Validation vulnerability in...

Rancher 'Audit Log' leaks sensitive information in github.com/rancher/rancher

Rancher 'Audit Log' leaks sensitive information in...

Mattermost Jira Plugin does not properly check security levels in github.com/mattermost/mattermost-plugin-jira

Mattermost Jira Plugin does not properly check security levels in...

Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server

Mattermost denial of service through long emoji value in...

Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server

Mattermost fails to check the "invite_guest" permission in...

Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server

Mattermost fails to properly restrict the access of files attached to posts in...

Enumeration of users in HashiCorp Vault in github.com/hashicorp/vault

Enumeration of users in HashiCorp Vault in...

SFTP is possible on the Proxy server for any user with SFTP access in github.com/gravitational/teleport

SFTP is possible on the Proxy server for any user with SFTP access in...

The DES/3DES cipher was used as part of the TLS protocol by installation tools in github.com/karmada-io/karmada

The DES/3DES cipher was used as part of the TLS protocol by installation tools in...

Insecure random string generator used for sensitive data in github.com/cubefs/cubefs

Insecure random string generator used for sensitive data in...

Nginx-UI vulnerable to authenticated RCE through injecting into the application config via CRLF in github.com/0xJacky/Nginx-UI

Nginx-UI vulnerable to authenticated RCE through injecting into the application config via CRLF in...

Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server

Mattermost vulnerable to denial of service via large number of emoji reactions in...

Grafana Cross-site Scripting (XSS) in github.com/grafana/grafana

Grafana Cross-site Scripting (XSS) in...

Apache ServiceComb Service-Center Exposure of Sensitive Information to an Unauthorized Actor vulnerability in github.com/apache/servicecomb-service-center

Apache ServiceComb Service-Center Exposure of Sensitive Information to an Unauthorized Actor vulnerability in...

Denial of service in HashiCorp Consul in github.com/hashicorp/consul

Denial of service in HashiCorp Consul in...

chasquid HTTP Request/Response Smuggling vulnerability in github.com/albertito/chasquid in blitiri.com.ar/go/chasquid

chasquid HTTP Request/Response Smuggling vulnerability in github.com/albertito/chasquid in...

Authenticated users can crash the CubeFS servers with maliciously crafted requests in github.com/cubefs/cubefs

Authenticated users can crash the CubeFS servers with maliciously crafted requests in...

Insufficient Session Expiration in github.com/greenpau/caddy-security

Insufficient Session Expiration in...

Etcd pkg Insecure ciphers are allowed by default in go.etcd.io/etcd/client/pkg/v3

Etcd pkg Insecure ciphers are allowed by default in...

Grafana stored XSS in github.com/grafana/grafana

Grafana stored XSS in...

Moby Docker cp broken with debian containers in github.com/moby/moby

Moby Docker cp broken with debian containers in...

Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server

Mattermost fails to limit the number of role names in...

LocalAI path traversal vulnerability in github.com/go-skynet/LocalAI

LocalAI path traversal vulnerability in...

Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd

Argo-cd authenticated users can enumerate clusters by name in...

Rancher's RKE1 Encryption Config kept in plain-text within cluster AppliedSpec in github.com/rancher/rancher

Rancher's RKE1 Encryption Config kept in plain-text within cluster AppliedSpec in...

Evmos is missing precompile checks in github.com/evmos/evmos

Evmos is missing precompile checks in...

Rancher's External RoleTemplates can lead to privilege escalation in github.com/rancher/rancher

Rancher's External RoleTemplates can lead to privilege escalation in...

SpiceDB exclusions can result in no permission returned when permission expected in github.com/authzed/spicedb

SpiceDB exclusions can result in no permission returned when permission expected in...

ACME DNS: Azure Identity Libraries Elevation of Privilege Vulnerability in github.com/traefik/traefik

ACME DNS: Azure Identity Libraries Elevation of Privilege Vulnerability in...

Improper trust check in Bazel Build intellij plugin in github.com/bazelbuild/intellij

Improper trust check in Bazel Build intellij plugin in...

AdGuardHome privilege escalation vulnerability in github.com/AdguardTeam/AdGuardHome

AdGuardHome privilege escalation vulnerability in...

Openshift/telemeter: iss check during jwt authentication can be bypassed in github.com/openshift/telemeter

Openshift/telemeter: iss check during jwt authentication can be bypassed in...

Rancher does not automatically clean up a user deleted or disabled from the configured Authentication Provider in github.com/rancher/rancher

Rancher does not automatically clean up a user deleted or disabled from the configured Authentication Provider in...

Minder affected by denial of service from maliciously configured Git repository in github.com/stacklok/minder

Minder affected by denial of service from maliciously configured Git repository in...

SQL injection vulnerability in Gin-vue-admin in github.com/flipped-aurora/gin-vue-admin

SQL injection vulnerability in Gin-vue-admin in...

SFTPGo has insufficient access control for password reset in github.com/drakkan/sftpgo

SFTPGo has insufficient access control for password reset in...

Evmos is missing create validator check in github.com/evmos/evmos

Evmos is missing create validator check in...

Security Bulletin: Vulnerability in Bouncy Castle Crypto Package For Java affects IBM Process Mining CVE-2024-30171

Summary There is a vulnerability in Bouncy Castle Crypto Package For Java that could allow an remote authenticated attacker to obtain sensitive information on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability....

Security Bulletin: Vulnerability in Apache Commons Compress affects IBM Process Mining Multiple CVEs

Summary There is a vulnerability in Apache Commons Compress that could allow an remote attacker exploit to cause a denial of service condition on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability...

Security Bulletin: Vulnerability in Bouncy Castle Crypto Package For Java affects IBM Process Mining CVE-2024-34447

Summary There is a vulnerability in Bouncy Castle Crypto Package For Java that could allow an attacker to perform a DNS poisoning attack on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details...

Security Bulletin: Vulnerability in Netty affects IBM Process Mining CVE-2024-29025

Summary There is a vulnerability in Netty that could allow an attacker to cause a denial of service condition on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details ** CVEID: CVE-2024-29025 ...

Security Bulletin: Vulnerability in Bouncy Castle Crypto Package For Java affects IBM Process Mining CVE-2024-30172

Summary There is a vulnerability in Bouncy Castle Crypto Package For Java that could allow an attacker to cause a denial of service condition on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability...

Security Bulletin: Vulnerability in Pydantic affects IBM Process Mining CVE-2024-3772

Summary There is a vulnerability in Pydantic that could allow an attacker to cause a denial of service on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details ** CVEID: CVE-2024-3772 ...

Security Bulletin: Vulnerability in Node.js affects IBM Process Mining CVE-2024-28849

Summary There is a vulnerability in Node.js that could allow an remote authenticated attacker to obtain sensitive information on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details ** CVEID:...